Intel MKTME Support Being Prepped For The Linux Kernel: Total Memory Encryption
Intel developers are working on bringing transparent memory encryption support to the Linux kernel that works in conjunction with upcoming Intel platforms.
AMD's current EPYC and Ryzen Pro processors feature Secure Memory Encryption (SME) while upcoming Intel CPUs are working on a roughly similar feature with Total Memory Encryption (TME) along with MKTME, or Multikey Total Memory Encryption.
Kirill Shutemov of Intel Finland today sent out the initial kernel patches for this TME/MKTME kernel support code. In its present form is just over 500 lines of code to take advantage of this hardware-based transparent memory encryption for future Intel CPUs.
AMD's current EPYC and Ryzen Pro processors feature Secure Memory Encryption (SME) while upcoming Intel CPUs are working on a roughly similar feature with Total Memory Encryption (TME) along with MKTME, or Multikey Total Memory Encryption.
MKTME is built on top of TME. TME allows encryption of the entirety of system memory using a single key. MKTME allows to have multiple encryption domains, each having own key -- different memory pages can be encrypted with different keys.
Key design points of Intel MKTME:
- Initial HW implementation would support upto 63 keys (plus one default TME key). But the number of keys may be as low as 3, depending to SKU and BIOS settings.
Kirill Shutemov of Intel Finland today sent out the initial kernel patches for this TME/MKTME kernel support code. In its present form is just over 500 lines of code to take advantage of this hardware-based transparent memory encryption for future Intel CPUs.
10 Comments